package com;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

 @Configuration
 @EnableWebSecurity
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
 
	 @Override
	  protected void configure(HttpSecurity http) throws Exception {
	      http
	          .authorizeRequests() 
	              .antMatchers("/", "/otherPages/").permitAll()    //定义无需认证的url
	              .anyRequest().authenticated()
	              .and()
	          .formLogin()
	              //.loginPage("/login")  //定义需要认证时，跳转到的登录页面
	              .loginPage("/login")  //定义需要认证时，跳转到的登录页面
	              .permitAll()
	              .and()
	          .logout()
	              .permitAll();
	      http.csrf().disable();
	  }	   
	 
//	    @Autowired
//	    public void configureGlobal(AuthenticationManagerBuilder authentication) throws Exception {
//	    	authentication.inMemoryAuthentication()
//	            .withUser("Admin").password("123456").roles("USER");
//	    }	
 }